-
Notifications
You must be signed in to change notification settings - Fork 23.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FIX] tools: properly guess image/svg+xml #68211
Conversation
Not sure who to ping for this kind of code review... maybe you @xmo-odoo? What do you think about this quick fix? |
00a687b
to
c983a67
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One of the two library [...] is somtimes [...]
This feels very uncertain :D When? Why? Do you have a bug report to link to?
If a library is returning a wrong result, we should report this upstream, and only if we can not backport it (e.g. fix included in a release with breaking changes or unmaintained), we should monkey patch it.
I can see this kind code hanging around in 6 years with nobody remembering why it was put there in the first place.
Regarding the patch itself, if I am not mistaken, the python-magic
package does not identify the mimetype itself, it loads the libmagic
library installed on the system.
So
- isn't the
python-magic
provided by Debian has the same issue? - isn't the issue in one of these system library instead?
Not uncertain at all... when? When I use a SVG file (= sometimes). Why? I don't know, I did not write the lib, the image/svg mimetype simply is not a valid mimetype that I know of. We could make this patch even in ir.attachment to not allow to save the "image/svg" mimetype and close our eyes on the guess method if we were careless 😉
No, otherwise I would have 😉 It is just a bug we detected on our own. Why did not we see it before? Because we never guess the mimetype of svg file using those libraries as we mostly guess the mimetype checking the filename, see
@JKE-be is this what you tested yesterday? I remember the conflict between the two python-magic libraries but did not know about them using a random magic package as explained by @mart-e 🤷 Anyways, you know better than me what to do, you found the fix in 5minutes in the first place 😉 |
So if you can reproduce it on your computer, can you check which implementation/version of
(and same with invoking |
@mart-e searching for And from the comment on mdn/kuma#6144 it might not even be a reliable misdetection:
|
maybe file/file@bc86bfe (changed at file/file@1a08bb5 ) ? |
Also wrt "two libraries" it kinda looks like the debian one has been deprecated / removed / ...? starting from buster the package uses the description of "pypi magic" and links to its github instead of the old magic from file(1). Though if the issue is in libmagic I expect that will be buggy either way. (/cc @d-fence) |
You are right @mart-e It happens in both cases. But the bug is really not "uncertain", install debian python3-magic or with pip3 and try to upload any svg and you will see that it returns the wrong 'image/svg' mimetype instead of "image/svg+xml" Until now, we don't see the error because most of us don't upload svg, or just don't have the "unrequired" magic package. Let me know if we need to rewrite the PR to fix both import (debian or pip) or if you have better plan (like remove dependencies to magic?)... |
ps: add xml on top of the svg will works too...
Maybe it is the simple solution |
After more discussion, we continue to think that we should never use image/svg and apply something similar to this PR like |
src: from the O'Reilly Media book by Amelia Bellamy-Royds, Kurt Cagle, and Dudley Storey. |
My debian is too old :D
I see your point, especially if we can see that Lines 1997 to 2000 in a7110b6
But it's not always the case client side
Anyway, this patch should also be applied on the Debian version, and with a good comment. Now, is it bad enough to change this in 12.0? |
Imo yes, since it doesn't work in v12 and we add svg support in v12: https://github.com/odoo/odoo//1be50fdeafcd2b94f7b2f47d6e5bc4b6ebaceadd We always follow the same policy: fix bug in first version supported where code is still the same and fwd port will not have conflict. I don't see any reason to don't follow it now. |
@qsm-odoo could you explain the problematic use-case though? As in, how you stumbled upon this issue. |
Here are my 2 cents: Now fixed in master but not yet in Debian Buster (fixed with magic 5.39 in Debian Bullseye) You can easily test that by creating a file with only |
Hello @xmo-odoo Have magic installed on your computer It will load https://github.com/odoo/odoo/blob/master/addons/website/static/src/img/website_logo.svg?short_path=991f026 as attachment (the default website logo) which one only contains svg without (optional ?) xml version and doctype. At this point, you have no error, but the mimetype in db ir.attachment is image/svg Now go to your website, and you will see a "placeholder broken" image on Chrome, or nothing on Firefox. update in DB or apply patch and create a new website, now that logo have the right mimetype, you can see you logo appears on your website |
@d-fence , yes it was the other solution proposed here #68211 (comment) But since browser cannot display image/svg, idea was to fix for all future svg too |
IMHO the present fix makes sense and to answer @mart-e , I think it's needed in 12.0 as the Debian versions were not fixed at the time of 12.0 release ... with a good comment that explains why. |
Without this 'XML declaration', if you have magic installed, the mime type is image/svg instead of image/svg+xml and browser don't render it. This commit is related to odoo#68211 meanwhile a more generic solution (if needed).
Not sure what you're responding to, but the version I'm suggesting doesn't change the API of guess_mimetypes. |
guess_mimetypes take a 3rd params _guesser now. What is considered as one change of api for Odoo no ? |
That's just an optimisation (so the guesser is looked up as a local instead of a global), the way |
6e6e947
to
e37dcb0
Compare
odoo/tools/mimetypes.py
Outdated
ms = magic.open(magic.MAGIC_MIME_TYPE) | ||
ms.load() | ||
guess_mimetype = lambda bin_data, default=None: ms.buffer(bin_data) | ||
_guesser = ms.buffer | ||
def guess_mimetypes(bin_data, default=None): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
def guess_mimetypes(bin_data, default=None): | |
def guess_mimetype(bin_data, default=None): |
Magic return image/svg instead of image/svg+xml if file starts with <svg
e37dcb0
to
6dc907e
Compare
@robodoo r+ For tracking, a svg with |
@JKE-be, you may want to rebuild or fix this PR as it has failed CI. |
Magic return image/svg instead of image/svg+xml if file starts with <svg closes #68211 Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>
This pull request has forward-port PRs awaiting action (not merged or closed): #76876 |
2 similar comments
This pull request has forward-port PRs awaiting action (not merged or closed): #77188 |
1 similar comment
This pull request has forward-port PRs awaiting action (not merged or closed): #77188 |
One of the two "magic" library we allow to use to guess to mimetype of
data is sometimes returning "image/svg" instead of the wanted
"image/svg+xml".